|
Family: Windows : Microsoft Bulletins --> Category: infos
Unchecked Buffer in Windows Help Facility Could Enable Code Execution (Q323255) Vulnerability Scan
Vulnerability Scan Summary Checks for MS Hotfix Q323255, Unchecked Buffer in Windows Help facility
Detailed Explanation for this Vulnerability Test
Synopsis :
Arbitrary code can be executed on the remote host through the web client.
Description :
The remote host contains a version of the HTML Helpfacility ActiveX control
module which is vulnerable to a security flaw which may allow a possible hacker
to execute arbitrary code on the remote host by constructing a malicious
web page and entice a victim to visit this web page.
Solution :
Microsoft has released a set of patches for Windows NT, 2000 and XP :
http://www.microsoft.com/technet/security/bulletin/ms02-055.mspx
Threat Level:
High / CVSS Base Score : 8
(AV:R/AC:H/Au:NR/C:C/A:C/I:C/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|